GENERAL COMPLIANCE TRAINING CIA YEAR ONE REVIEW AND CERTIFICATION


INTRODUCTION
Supporting the mission and vision of Broward Health requires commitment to compliance, integrity and dedication to the highest ethical standards. All Broward Health Workforce Members are expected to comply with Broward Health's Corporate Compliance and Ethics Requirements and Applicable Federal and State Law. In support of this expectation, we require all Workforce Members to complete Core Compliance and Ethics Training upon hire and on an annual basis. Thank you for your ongoing commitment to Compliance and Integrity 100% of the Time.

OVERVIEW
Core Compliance and Ethics Training includes the following topics (topic: duration):
- General Compliance and Ethics: 60 minutes
- Corporate Integrity Agreement: 30 minutes
- Code of Conduct: 30 minutes
- Policies and Procedures: 30 minutes
Throughout this training, we will review requirements, expectations and resources available to help you make the right decisions at Broward Health.

ROADMAP OF TODAY'S TRAINING
- Introduction: Objectives, Mission and Key Definitions
- Elements of the Compliance and Ethics Program
- Applicable Federal and State Requirements
- Information Privacy and Security

INTRODUCTION: OBJECTIVES, MISSION, AND KEY DEFINITIONS

COURSE OBJECTIVES
After completing this training, you will be able to:
- Identify the elements of Broward Health's Compliance and Ethics Program and the reasons for having a Compliance and Ethics Program
- Understand the legal, ethical, and other obligations to comply with Broward Health's Corporate Compliance and Ethics Requirements and Applicable Federal and State Requirements
- Understand the affirmative duty to report Compliance and Ethics Issues consistent with Broward Health's Disclosure Program and the existence and operation of the Anonymous Hotline and other reporting mechanisms
- Identify the laws and requirements of Federal health care programs
- Understand Broward Health's obligations and rights under the Health Insurance Portability and Accountability Act (HIPAA) and the Florida Information Protection Act (FIPA)

BROWARD HEALTH MISSION AND VISION
Mission: The mission of Broward Health is to provide quality healthcare to the people we serve.
Vision: Our Charter commissions us to operate our hospitals in service of the public good, and we aim to provide world-class healthcare to all we serve. In serving the healthcare needs of our patients, we care for all.

KEY DEFINITIONS
- Applicable Federal and State Requirements: Any federal or state statutes, regulations, or guidance applicable to Broward Health's operations; Medicare and Medicaid Manuals and transmittals; National Coverage Determinations; and publications issued by Medicare Administrative Contractors, including Local Coverage Determinations ("LCDs").
- Broward Health's Corporate Compliance and Ethics Requirements: The Broward Health Code of Conduct, the Broward Health Compliance and Ethics Program, and all Broward Health policies and procedures.
- Compliance Issue: An actual or suspected concern or issue involving Applicable State and Federal Requirements or compliance components of Broward Health's Corporate Compliance and Ethics Requirements.
- Ethics Issue: An actual or suspected concern or issue regarding behavior that is inconsistent with the fundamental values of Broward Health, including those values contained in the Code of Conduct, such as quality, honesty, integrity, transparency, teamwork, creativity, and compassion.

KEY DEFINITIONS (CONT.)
- Federal or State Health Care Programs: Any plan or program that provides health benefits, whether directly, through insurance, or otherwise, which is funded directly, in whole or in part, by the United States Government or a state government, including, but not limited to: Medicare, Medicaid, managed Medicare, managed Medicaid, TriCare/CHAMPUS, VA, SCHIP, and Federal Employees Health Benefit Plan.
- Workforce Member: Any employee, independent contractor, agent, volunteer, trainee, or other person who performs work for or on behalf of Broward Health. This includes full-time, part-time, and pool employees; associates; directors; officers; managers; supervisors; volunteers; members of the Board and members of standing committees; medical staff employed by or otherwise affiliated with Broward Health; medical students and all other affiliated students or others receiving training at any Broward Health facility; and others who provide goods or services to Broward Health.
Additional definitions may be found in the Policies and Procedures Glossary, Policy No. GA-004-237.

ELEMENTS OF THE COMPLIANCE AND ETHICS PROGRAM

ELEMENTS OF THE COMPLIANCE AND ETHICS PROGRAM
At the foundation of the Compliance and Ethics Program are seven key elements (based on the Federal Sentencing Guidelines for Organizations and OIG's Compliance Program Guidance for Hospitals) that will be discussed further during this training:
1. Written Standards/Policies and Procedures
2. Compliance Officer and Compliance Committee
3. Developing Open Lines of Communication
4. Training and Education
5. Monitoring and Auditing of Compliance Risks
6. Response and Prevention of Offenses
7. Enforcing Disciplinary Standards

1. WRITTEN STANDARDS
Broward Health's Compliance and Ethics Written Standards include our Code of Conduct and Broward Health's policies and procedures. The Code of Conduct sets forth the legal and ethical standards applicable to Workforce Members. The Code of Conduct addresses: quality; standards; honesty and integrity; transparency; commitment to the Broward Health team; creativity; and compassion. The policies and procedures provide information for Workforce Members on specific compliance and ethics topics (e.g., Disclosure Program, Overpayments, disciplinary standards). Additional trainings on the Code of Conduct and the policies and procedures will be provided.

1. WRITTEN STANDARDS (CONT.)
As a Workforce Member, you are responsible for knowing, understanding and complying with our Code of Conduct as well as our policies and procedures. Our Code of Conduct and related policies reflect Broward Health's commitment to compliance and integrity, ethical conduct, as well as legal and regulatory compliance.

2. COMPLIANCE OFFICER AND COMPLIANCE COMMITTEE
The role of the Chief Compliance Officer is to develop, oversee, implement, audit, and monitor the compliance requirements of the Broward Health Compliance and Ethics Program and Broward Health's compliance with the requirements of Federal and State Health Care Programs. The Chief Compliance Officer is appointed by the Board, is a member of Broward Health's senior management, and reports directly to Broward Health's Chief Executive Officer. The Chief Compliance Officer chairs Broward Health's Compliance Committee.

2. COMPLIANCE OFFICER AND COMPLIANCE COMMITTEE (CONT.)
Each Broward Health Region has a designated Regional Compliance Manager who is onsite throughout the week to provide compliance guidance:

2. COMPLIANCE OFFICER AND COMPLIANCE COMMITTEE (CONT.)
Broward Health has a Compliance Committee which meets at minimum on a quarterly basis. The Committee includes:
- President/Chief Executive Officer
- General Counsel
- Chief of Internal Audit
- Senior Vice President/Chief Financial Officer
- Senior Vice President/Chief Operating Officer
- Senior Vice President/Chief Human Resources Officer
- Senior Vice President, Chief Medical Officer
- Vice President/Designated Institutional Official
- Vice President/Chief Nursing Officer
- Vice President, Physician Services
- Administrative Director, Central Business Office
- Director, Physician Business Office
- Director, Risk and Insurance Services

2. COMPLIANCE OFFICER AND COMPLIANCE COMMITTEE (CONT.)
Broward Health also has a Board of Commissioners Compliance and Ethics Committee to address compliance and ethics. The minutes of each Compliance Committee meeting are reported to the Board Compliance and Ethics Committee.

3. OPEN LINES OF COMMUNICATION
The Chief Compliance Officer, the Chief Ethics Officer, the Compliance and Ethics Departments, and the General Counsel have an Open Door Policy. This allows Workforce Members to freely seek compliance and ethics guidance and encourages them to openly discuss any compliance questions, ethics questions, concerns or issues they may have. All Workforce Members have a duty to report a Compliance Issue or Ethics Issue and will not face retribution or retaliation for reporting.

4. TRAINING AND EDUCATION
All Workforce Members are required to complete Compliance and Ethics Training upon hire and on an annual basis. The Compliance and Ethics Program offers trainings on the following topics: General Compliance Training Code of Conduct Policies and Procedures Corporate Integrity Agreement Ineligible Persons Screening Training Overpayments Arrangements Focus Arrangements Monthly Compliance and Ethics Reporting, Management Sub-Certification, Management Certification

5. MONITORING AND AUDITING OF COMPLIANCE RISKS
Broward Health's compliance, legal and other department leaders and the Compliance Committee conduct ongoing monitoring and auditing subject to the Compliance Work Plan, which is updated annually to identify, prioritize, review and remediate risks and incorporate OIG risk areas. The Compliance Work Plan may address compliance risk areas including, but not limited to:
- Billing process and systems
- Medical necessity, quality, and written physician orders
- Record retention
- Relationships with third-parties and vendors
- Excluded individuals and entities
- Reporting and responding to compliance concerns
- Privacy and confidentiality
Departments may be required to report quarterly to the Chief Compliance Officer on monitoring procedures assigned to them under the Compliance Work Plan.

6. RESPONSE AND PREVENTION OF OFFENSES
All Workforce Members are required to promptly report upon discovery all suspected or actual violations of Broward Health's Corporate Compliance and Ethics Requirements or Applicable Federal and State Requirements. Reports can be made to: an immediate supervisor or department director; the Chief Compliance Officer; Corporate Compliance Department Staff; Broward Health's Anonymous Hotline; or compliance@browardhealth.org. The Anonymous Hotline is anonymous and, to the extent possible, confidential. The Disclosure Program prohibits retaliation against any individual or entity that makes a report through the Disclosure Program.

6. RESPONSE AND PREVENTION OF OFFENSES (CONT.)
The Chief Compliance Officer, Chief Ethics Officer, and General Counsel will investigate all reported Compliance Issues and Ethics Issues to determine if there is a valid factual basis. If so, they will undertake a Focused Investigation of the Compliance or Ethics Issue and will take appropriate disciplinary and/or corrective action. Follow-up documentation will be prepared that documents the substance of the Compliance or Ethics Issue, the investigation, Broward Health's response to the information yielded by the investigation, and any systemic changes made as a result of the investigation.

7. ENFORCING STANDARDS THROUGH WELL PUBLICIZED DISCIPLINARY STANDARDS
All Workforce Members must comply with Broward Health's Corporate Compliance and Ethics Requirements and Applicable Federal and State Law Requirements. Failure to comply may subject the Workforce Member to prompt disciplinary action consistent with the nature, severity, and frequency of the violation. This compliance is also an element of each employee's performance evaluation.

APPLICABLE FEDERAL AND STATE REQUIREMENTS

APPLICABLE FEDERAL AND STATE REQUIREMENTS
In addition to compliance with Broward Health Corporate Compliance and Ethics Program Requirements, Workforce Members must abide by Applicable Federal and State Requirements. These requirements include federal and state statutes, regulations, or guidance applicable to Broward Health's operations; Medicare and Medicaid Manuals and transmittals; National Coverage Determinations; and publications issued by Medicare Administrative Contractors, including Local Coverage Determinations ("LCDs"). One component of these requirements that Workforce Members should be cognizant of is fraud and abuse laws and enforcement.

RELEVANT HEALTH CARE FRAUD, AND ABUSE LAWS AND AUTHORITIES
Federal laws governing health care fraud and abuse include:
- Federal False Claims Act
- Anti-Kickback Statute
- Physician Self Referral Prohibition (Stark Law)
- Exclusion Statute
Key authorities that enforce the laws that govern health care:
- The Office of Inspector General (OIG)
- Department of Health and Human Services (DHHS)
- Department of Justice (DOJ)
- Centers for Medicare and Medicaid Services (CMS)
- State Attorney General
- State Medicaid Agencies (Florida Medicaid)
- Medicaid Fraud Control Units (MFCUs)

FEDERAL FALSE CLAIMS ACT
Several bases of civil liability, including liability on anyone who:
- Knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval;
- Knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim;
- Knowingly makes, uses, or causes to be made or used, a false record or statement material to an obligation to pay or transmit money or property to the Government, or knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the Government.

FEDERAL FALSE CLAIMS ACT (CONT.)
Damages:
- Civil penalty of not less than $5,000 and not more than $10,000, as adjusted by the Federal Civil Penalties Inflation Adjustment Act of 1990
- Plus three (3) times the amount of damages which the Government sustains because of the act of that person
- May be reduced under certain circumstances

ANTI-KICKBACK STATUTE
42 U.S.C. § 1320a-7b(b); 42 C.F.R. § 1001.952
- Federal criminal statute, also civil penalties
- Intent-based statute
- Covers all types of arrangements & individuals
- Safe harbors
- OIG Advisory Opinions
- State law counterparts

ANTI-KICKBACK STATUTE (CONT.)
A violation requires three elements:
1) Remuneration, which means anything of value, in cash or in kind
2) The remuneration must be made knowingly and willfully
3) The remuneration must be made with intent to induce referrals or business; according to most federal courts (and the prosecutors), a violation may be found if only one purpose of the remuneration is to induce referrals, even if there are also legitimate reasons for the payment

ANTI-KICKBACK STATUTE (CONT.)
Potential penalties for AKS violations:
- Up to $25,000 per offense
- Up to five years imprisonment per offense
- Mandatory exclusion from federal health programs
- Civil monetary penalties
- Liability under the False Claims Act (codified by Health Care Reform)

PHYSICIAN SELF-REFERRAL PROHIBITION (STARK LAW)
42 U.S.C. § 1395nn; 42 C.F.R. § 411.350 et seq.
- Covers only physician relationships
- Strict liability statute
- Civil statute, prohibits payments and provides for civil monetary penalties
- Exceptions are required (if a financial relationship exists with a physician referring designated health services (DHS))
- CMS Advisory Opinions
- State law counterparts

PHYSICIAN SELF-REFERRAL PROHIBITION (STARK LAW) (CONT.)
Basic prohibition:
- Absent an exception, a physician may not refer a Medicare patient for DHS to an entity with which the physician or an immediate family member has a financial relationship
- An entity may not present a claim for payment for such services
- A financial relationship means (i) an ownership or investment interest, or (ii) a compensation arrangement between the referring physician and the provider
- A compensation arrangement means any arrangement involving any remuneration, direct or indirect, between the referring physician and the provider
- An ownership or investment interest includes any kind of equity or debt arrangement

PHYSICIAN SELF-REFERRAL PROHIBITION (STARK LAW) (CONT.)
Examples of common financial relationships that need to comply with Stark: Medical Director Agreements, Professional Services Agreements, Equipment Leases, Medical Office Space Leases, Recruitment Agreements, Medical Staff Appreciation Events, Dinners/lunches/golf outings with MDs
Penalties for Stark violations:
- Payment denial/recoupment by Medicare and Medicaid
- Civil monetary penalties up to $15,000 per prohibited service/billing
- Circumvention schemes face civil monetary penalties of up to $100,000 per incident
- Exclusion from Medicare/Medicaid participation
- Liability under the FCA (for knowing violations)

FLORIDA LAWS
There are many Florida laws that should be considered as well, including, but not limited to:
- Patient Self-Referral Act
- Anti-Kickback Statute
- Patient Brokering Act

FRAUD, WASTE, AND ABUSE
Engaging in any form of fraud, waste, or abuse will not be tolerated at Broward Health and may also be prosecuted under federal law, resulting in the imposition of restitution, fines, and in some instances, imprisonment. Violations of federal or state law related to fraud, waste, and abuse may also result in a range of administrative sanctions (such as exclusion from participation in Medicare, Medicaid, and Federal healthcare programs) and civil monetary penalties.
Examples of fraud, waste, and abuse include:
- False documentation of a diagnosis or procedure code to obtain a higher rate of reimbursement.
- Forging or changing patient-billing related items such as making false claims or billing for services or supplies not rendered, not medically necessary, or not documented.
- Misrepresenting a diagnosis or procedure code in order to obtain payment.
- Alteration or forgery of checks.
- Any misuse or theft of funds.
- Falsifying or altering any record or report such as an employment application, payroll or time record, expense account, medical record, or patient record.
- Falsely reporting costs.

RELATIONSHIPS WITH PUBLIC OFFICIALS
In addition to health care fraud and abuse laws, Workforce Members must also abide by Florida statutory requirements that ensure that public officials and Workforce Members conduct themselves independently and impartially, and do not use their offices or positions for private gain other than remuneration provided by law and avoid conflicts between public duties and private interests. Additionally, Broward Health is subject to Florida statutory requirements relating to public records and the conduct of its affairs in the sunshine.

RELATIONSHIPS WITH PUBLIC OFFICIALS (CONT.)
Workforce Members are required to abide by the following guidelines:
- No Broward Health Workforce Member shall solicit or accept anything of value including a gift, loan, and reward, promise of future employment, favor, or service that is based on any understanding that the vote, official action or judgment of the Workforce Member would be influenced by such gift.
- No Broward Health Workforce Member acting as purchasing agent or acting in his or her official capacity shall, directly or indirectly, purchase, rent, or lease any realty, goods, or services for Broward Health from a business entity in which the Workforce Member, his or her spouse, or child is an officer, partner, director, or proprietor, or in which the Workforce Member, his or her spouse, or child (or any combination of them) has a material interest. Nor shall a public Workforce Member, acting in a private capacity, rent, lease, or sell any realty, goods or services to his or her own agency.

RELATIONSHIPS WITH PUBLIC OFFICIALS (CONT.)
- No Broward Health Workforce Member or his or her spouse or minor child shall accept any compensation, payment, or thing of value which, with the exercise of reasonable care, is known or should be known to influence the official action of such Workforce Member.
- No Broward Health Workforce Member shall corruptly use or attempt to use his or her official position or any property or resource within his or her trust, or perform his or her official duties, to obtain a special privilege, benefit, or exemption for himself or herself or others.
- No Broward Health Workforce Member shall disclose or use information not available to the general public and gained by reason of his or her public position for his or her personal gain or benefit or the gain or benefit of others.

INFORMATION PRIVACY AND SECURITY

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
Three Sections of the Law:
1. HIPAA Privacy Rule: Protects all Protected Health Information (PHI) in any form or media, whether electronic, paper or oral.
2. HIPAA Security Rule: Applies only to electronic PHI (ePHI). As a Covered Entity, Broward Health must protect the confidentiality, integrity and availability of ePHI.
3. Breach Notification Rule: Requires that patients and the Secretary of the US Department of Health and Human Services (HHS) are notified when there is a breach of PHI or ePHI.
Notable State Laws:
- Florida Information Protection Act (FIPA): Requires notification to the Florida Attorney General of breaches affecting more than 500 individuals in Florida.
- Other Florida Privacy Laws: Specific protections for Mental Health Records (psychotherapy notes), Substance/Alcohol Abuse Treatment, STD/HIV and AIDS Test Results, Records, or Treatment, and Domestic-Violence Related Treatment

INDIVIDUAL PRIVACY RIGHTS
The HIPAA Privacy Rule provides individuals with rights related to the privacy of their PHI. These rights, as well as how Broward Health uses or discloses patient information, are described in the Notice of Privacy Practices. Every patient must be provided with a copy of the Notice of Privacy Practices. Patient rights under HIPAA include:
- Accessing PHI: see Compliance and Ethics Policy - Release of Protected Health Information
- Obtaining an accounting of disclosures of PHI: see Compliance and Ethics Policy - Accounting of Disclosures
- Requesting restrictions on PHI use: see Compliance and Ethics Policy - Agreed Upon Restriction
- Requesting alternate means of communication: see Compliance and Ethics Policy - Individual's Right to Confidential Communication
- The right to file a complaint for violation of privacy rights: see Compliance and Ethics Policy - Reporting of Information Privacy and Security Incidents

PROTECTED HEALTH INFORMATION AT BROWARD HEALTH
Use and Disclosure of Information: Generally speaking, PHI cannot be disclosed to others without the individual's written authorization except for the purposes of: Treatment (providing care); Payment (processing claims); or Health Care Operations (compliance audits, risk management, quality management).
Minimum Necessary: When dealing with PHI, Broward Health Workforce Members must make reasonable efforts to limit the use and disclosure of information to the minimum necessary amount of PHI to accomplish the intended purposes of the use or request.
Prior to releasing any information, all Workforce Members should use the following three step process:
1. Request identification, such as a government-issued picture ID from any individual requesting or receiving PHI. This includes confirming the identity of patients prior to providing paperwork.
2. Confirm authority of the individual to receive the information. This includes the patient, parent, or guardian of a minor, or, for adults, the legally appointed personal representative.
3. Check that ALL the documents match the name and date of birth of the patient whose information is requested.

SAFEGUARDING PHI
Only access a patient's information if required for your work responsibilities. Work responsibilities do NOT include:
- Obtaining demographic information for social activities;
- Reviewing records of patients you are concerned about who you are not treating; or
- Viewing PHI of Broward Health employees who are patients of Broward Health to determine scheduling.
All user activity is automatically tracked in all databases containing PHI through access reports (these include when and how many times a record was accessed and viewed). Workforce Members are responsible for all activity conducted under their username. To ensure unauthorized users do not work under your username, log-off when leaving your workstation and keep your log-on information confidential.
Workforce members should always take steps to protect physical PHI. Remove any PHI material from any common areas or workstation when not using the material. Lock and secure all company-issued equipment or devices containing PHI. Dispose of PHI in the designated shredder bins. Do NOT place PHI in the trash.

PROTECTING HEALTH INFORMATION
- Social Media: Use of Social Media websites while at work is subject to Broward Health Human Resources Policies and Procedures. Do NOT take pictures, post pictures, or post updates about patients.
- Email: Employees are not allowed to send work emails containing PHI to their personal email accounts. Note that personal email accounts do not have the same security that Broward Health has in its email accounts. Whenever sending PHI over email, you should ensure that the PHI is encrypted.
- Visitors: Many times patients have visitors in their rooms. Sometimes these visitors are known to staff. In order to safeguard patient information, staff should ALWAYS request that family members who are not part of the care team (Personal Representatives or otherwise requested by the patient) leave the room when providing or discussing any care.
- Sending Text Messages to Patients: Broward Health staff are NEVER to send text messages to patients. Even text messages that do not contain PHI are not permitted.

REPORTING
Workforce Members must report any suspected breach, security incident, violation of privacy, patient complaint of identity theft, or any unusual situations involving PHI to the Corporate Compliance Department.
For example: A patient complains that their information was shared or you see an employee taking PHI home with them without authorization.
If you see any documents in unsecured areas that contain PHI, pick them up and report the incident to the Corporate Compliance Department.

INDIVIDUAL AND ORGANIZATIONAL PENALTIES FOR HIPAA VIOLATIONS
Federal:
- Minimum penalties range from $100 per violation to $50,000 per violation.
- Maximum penalties range from $50,000 to $1.5 million.
- Criminal penalties for individuals range from $50,000 and up to one year imprisonment, and can go as high as $250,000 and up to 10 years imprisonment.
State:
- Violations may be charged as misdemeanors or felonies.
- In Florida, patients may sue for invasion of privacy.
- State Attorney General may prosecute on behalf of patients.
Broward Health:
- Verbal/written counseling.
- Suspension.
- Termination.
- Legal prosecution and notification of law enforcement officials and/or state accreditation and licensure boards.

REFERENCE MATERIALS

APPLICABLE COMPLIANCE AND ETHICS PROGRAM POLICIES AND PROCEDURES
For more information on the 7 elements, see the applicable policies and procedures:
- Development of Compliance Policies and Procedures Policy, Policy No. GA-004-236
- Chief Compliance Officer: Appointment, Roles, and Responsibilities Policy, Policy No. GA-004-250
- Compliance Committee: Appointment, Roles, and Responsibilities Policy, Policy No. GA-004-251
- Open Lines of Communications Policy, Policy No. GA-004-234
- Training and Education Policy, Policy No. GA-004-245
- Auditing and Monitoring Policy, Policy No. GA-004-345
- Response and Prevention of Offenses Policy, Policy No. GA-004-242
- Enforcement of Disciplinary Standards Policy, Policy No. GA-004-238

SOURCES OF COMPLIANCE PROGRAM GUIDANCE
- Office of Inspector General, Publication of the OIG Compliance Program Guidance for Hospitals, 63 Fed. Reg. 8987 (Feb. 23, 1998) and OIG Supplemental Compliance Program Guidance for Hospitals, 70 Fed. Reg. 4858 (Jan. 31, 2005): Provides seven basic elements for a voluntary compliance program that can be used by all hospitals (not an exclusive list, aimed at assisting hospitals with the development of internal controls that prevent fraud, abuse and waste).
- United States Sentencing Commission, Guidelines Manual, ch. 8 (Nov. 2015): Provides guidelines for sentencing convicted organizations. One of two factors that mitigate the ultimate punishment of an organization is the existence of an effective compliance and ethics program.

CORPORATE COMPLIANCE AND ETHICS CONTACT INFORMATION
Call:
- 954.473.7500 Corporate Compliance
- 954.473.7487 Ethics
Email:
- Compliance@browardhealth.org
- Privacy@browardhealth.org
Anonymous Hotline:
- 888.511.1370 or www.browardhealth.org/compliance